Hans-Christoph Steiner @eighthave@librem.one

@vitriolix what are you using to cross-post to twitter?

@Gargron is providing a shining example of the new breed of "startup" culture that is arising. We want impact in the public interest, and just to make a living doing it. Getting rich is besides the point, and it is certainly not a reason to compromise the goals of the project. I believe #FDroid is another example of this.

https://arstechnica.com/tech-policy/2022/12/twitter-rival-mastodon-rejects-funding-to-preserve-nonprofit-status/

@JewishConversations @futurebird I'd go broader than that: I don't think it makes sense to combine very public posts with private posts in the same app or platform. This is part of why I use the librem.one instance: it has direct messages disabled https://puri.sm/posts/introducing-librem-social/

@matthew_d_green The solution to the problem posed in that piece is referenced in it: #FBI got #Signal messages when they had a legitimate reason to have them. End-to-end encryption stops mass surveillance, but clearly did not stop the Jan 6th investigations. I think its pretty clear that phones should be treated like one's house in terms of search and seizure. Courts can compel people to give info, and can compel people to unlock their phones. My guess is that's how FBI got info from Signal.

@Billie One thing is clear: if bumping #targetSdkVersion breaks key features, then it is not worth doing it, especially if the app is shipped via #FDroid from the f-droid.org repo.

@jz YES! I'm already a practioner! I highly recommend it

@Billie For apps that don't have features broken by #targetSdkVersion, you might as well up it. If your app is in a memory safe language e.g. Java, Kotlin then the targetSdkVersion does not help you much while restricting features. If the app uses C/native code and you don't want to think too much about security vulns, then upping it could help you. My understanding is that #Google thinks of it as a way to protect private data from unknown apps, so they don't have to review uploads to Play.

Sandboxes have often been represented as a security feature, but it seems there are always ways out, e.g. there are always jailbreaks available for iOS. Sandboxes still make sense for restricting non-malware apps from accessing private info. For security, its more important to avoid targeted exploits, e.g. reducing identifiability, to force the use 0days into broader targets, which is then more likely to burn that 0day. Users of 0day exploits are rarely willing to burn one to target one person

@rogermcnamee on top of that, each affected Facebook user has been allocated about $2.25. Yup, two dollars and change. A classic example of the problems of class action lawsuits. The firm gets to cash out with $181 million, but the actual settlement for the affected parties is not worth the time to do the paperwork.

@filippo Cloudflare will tell you about it: https://blog.cloudflare.com/icloud-private-relay/ It is based on the #IETF #MASQUE standard for proxying over UDP/QUIC.

@mozilla here's the link, I think https://blog.mozilla.org/en/mozilla/mozilla-launch-fediverse-instance-social-media-alternative/

@somegirlprivacy@mstdn.asprivacy.com I'm not saying it should not be updated, we welcome contributions there. I would love to see F-Droid working well everywhere, I can't do it all, and the dev team for #FDroid is small. We can make it work well for a lot more people if there are more contributors.